feat(reject_urls): do not allow urls in name and address fields
missinglink committed Mar 15, 2019
1 parent 999bfff commit ee4dbeb
Showing 5 changed files with 46 additions and 0 deletions.
4 changes: 4 additions & 0 deletions Document.js
@@ -255,6 +255,7 @@ Document.prototype.setName = function( prop, value ){

validate.type('string', value);
validate.truthy(value);
validate.regex.nomatch(value, /https?:\/\//);

// must copy name to 'phrase' index
if( Array.isArray( this.name[ prop ] ) ){
@@ -272,6 +273,7 @@ Document.prototype.setNameAlias = function( prop, value ){

validate.type('string', value);
validate.truthy(value);
validate.regex.nomatch(value, /https?:\/\//);

// is this the first time setting this prop? ensure it's an array
if( !this.hasName( prop ) ){
@@ -413,6 +415,7 @@ Document.prototype.setAddress = function( prop, value ){
validate.type('string', value);
validate.truthy(value);
validate.property(addressFields, prop);
validate.regex.nomatch(value, /https?:\/\//);

if( Array.isArray( this.address_parts[ prop ] ) ){
this.address_parts[ prop ][ 0 ] = value;
@@ -428,6 +431,7 @@ Document.prototype.setAddressAlias = function( prop, value ){
validate.type('string', value);
validate.truthy(value);
validate.property(addressFields, prop);
validate.regex.nomatch(value, /https?:\/\//);

// is this the first time setting this prop? ensure it's an array
if( !this.hasAddress( prop ) ){
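Review bot: The pattern `/https?:\/\//` added to setName, setNameAlias, setAddress and setAddressAlias is case-sensitive and covers only the http and https schemes, so a value written as `HTTP://…` or using another scheme still passes, although the commit title says URLs are not allowed in these fields. If the intent is to reject any web URL, add the `i` flag (`/https?:\/\//i`) and say in a comment which forms are deliberately out of scope. The same literal is repeated four times; one module-level constant such as `const URL_PATTERN = /https?:\/\//i;` would keep the four setters in sync. All four function bodies start or continue outside the visible hunks.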
12 changes: 12 additions & 0 deletions test/document/address.js
@@ -49,6 +49,12 @@ module.exports.tests.setAddress = function(test) {
t.equal(doc.getAddress('test'), undefined, 'property not set');
t.end();
});
test('setAddress - http regex', function (t) {
var doc = new Document('mysource', 'mylayer', 'myid');
t.throws(doc.setAddress.bind(doc, 'number', 'http://www.pelias.io'), /invalid regex/, 'regex failure');
t.throws(doc.setAddress.bind(doc, 'number', 'AAhttp://www.pelias.ioBB'), /invalid regex/, 'regex failure');
t.end();
});
};

module.exports.tests.getAddressAliases = function(test) {
@@ -108,6 +114,12 @@ module.exports.tests.setAddressAlias = function(test) {
t.deepEqual(doc.getAddressAliases('test'), [], 'property not set');
t.end();
});
test('setAddressAlias - http regex', function (t) {
var doc = new Document('mysource', 'mylayer', 'myid');
t.throws(doc.setAddressAlias.bind(doc, 'number', 'http://www.pelias.io'), /invalid regex/, 'regex failure');
t.throws(doc.setAddressAlias.bind(doc, 'number', 'AAhttp://www.pelias.ioBB'), /invalid regex/, 'regex failure');
t.end();
});
};

module.exports.tests.hasAddress = function(test) {
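Review bot: The new setAddress and setAddressAlias cases, and the matching setName and setNameAlias cases in test/document/name.js, only exercise lowercase `http://`. There is no `https://` input, and nothing asserts that an ordinary value without `://` is still accepted. Adding `t.throws(doc.setAddress.bind(doc, 'number', 'https://www.pelias.io'), /invalid regex/);` and a `t.doesNotThrow(doc.setAddress.bind(doc, 'number', '10'));` (sample values) would pin the optional `s` and guard against the pattern being over-tightened later. The same two assertions apply to the alias setter and to both name tests.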
12 changes: 12 additions & 0 deletions test/document/name.js
@@ -40,6 +40,12 @@ module.exports.tests.setName = function(test) {
t.equal(doc.getName('test'), undefined, 'property not set');
t.end();
});
test('setName - http regex', function (t) {
var doc = new Document('mysource', 'mylayer', 'myid');
t.throws(doc.setName.bind(doc, 'default', 'http://www.pelias.io'), /invalid regex/, 'regex failure');
t.throws(doc.setName.bind(doc, 'default', 'AAhttp://www.pelias.ioBB'), /invalid regex/, 'regex failure');
t.end();
});
};

module.exports.tests.getNameAliases = function(test) {
@@ -105,6 +111,12 @@ module.exports.tests.setNameAlias = function(test) {
t.deepEqual(doc.getNameAliases('test'), [], 'property not set');
t.end();
});
test('setNameAlias - http regex', function (t) {
var doc = new Document('mysource', 'mylayer', 'myid');
t.throws(doc.setNameAlias.bind(doc, 'default', 'http://www.pelias.io'), /invalid regex/, 'regex failure');
t.throws(doc.setNameAlias.bind(doc, 'default', 'AAhttp://www.pelias.ioBB'), /invalid regex/, 'regex failure');
t.end();
});
};

module.exports.tests.hasName = function(test) {
8 changes: 8 additions & 0 deletions test/util/valid.js
@@ -20,6 +20,14 @@ module.exports.tests.nonnegative = (test) => {

};

module.exports.tests.regex = (test) => {
test('regex nomatch', (t) => {
t.throws(valid.regex.nomatch.bind(null, 'hello', /he/), /invalid regex/);
t.doesNotThrow(valid.regex.nomatch.bind(null, 'hello', /bye/), /invalid regex/);
t.end();
});
};

module.exports.all = (tape, common) => {

function test(name, testFunction) {
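Review bot: In the `regex nomatch` test, the second argument to `t.doesNotThrow` is `/invalid regex/`, which reads like a matcher but has nothing to match when no error is thrown. A message string such as `'non-matching value passes'` would state the intent. The test also never checks the chaining return value that util/valid.js provides via `return module.exports`; assuming `valid` is that module, `t.equal(valid.regex.nomatch('hello', /bye/), valid);` would cover it.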
10 changes: 10 additions & 0 deletions util/valid.js
@@ -110,3 +110,13 @@ module.exports.boundingBox = function( val ) {

return this;
};

module.exports.regex = {
nomatch: function(val, regex) {
if( regex.test(val) ){
throw new PeliasModelError(`invalid regex test, ${val} should not match ${regex}`);
}

return module.exports;
}
};
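Review bot: `nomatch` calls `regex.test(val)` directly, which is stateful when the caller passes a pattern with the `g` or `y` flag: `lastIndex` carries over between calls, so a shared pattern can miss a match on the next value and let it through. The callers visible in this commit pass flagless literals, so this is latent, but the helper is exported and a guard is cheap: `regex.lastIndex = 0;` before the test, or a doc comment stating that the pattern must not be global or sticky. The thrown message also embeds `val` verbatim, so if these errors reach logs it may be worth truncating or quoting the value. A short JSDoc on `nomatch` noting that it throws PeliasModelError on a match and returns the module for chaining would help, since the sibling validator above returns `this` instead.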
